Ivan's Blog

Tech, Mobile, Hacking, Crypto(graphy), Security and Privacy.

Security Jun 19, 2026

Dissecting the Malware Injected Into My Own Ghost Blog

tl;dr: I had not looked at my blog in months and found a malicious script injected into every post through the Ghost Admin API. What it does, and how I removed it.

Security Nov 15, 2020

Why embedding secrets in mobile apps is not a good idea
Privacy Aug 2, 2020

About Canada's COVID Alert application
Privacy Jun 1, 2020

OPSEC tips for the general public
Privacy Mar 26, 2020

Is the Guatemalan government asking citizens for their location to show them ads?
Privacy Nov 30, 2019

Advice for Targets of Mobile Spyware
iOS Nov 21, 2019

Introducing security.plist
Privacy Oct 7, 2019

What checkm8 means for stalkerware on iOS
Reverse Engineering Aug 22, 2019

Decrypting iOS applications - iOS 12 Edition
Privacy Jul 22, 2019

Analyzing iOS Stalkerware Applications
Reverse Engineering Jul 1, 2019

Investigating some subscription scam iOS apps
Cryptography May 20, 2019

Created an "age" mobile client
Android May 6, 2019

Mobile App Sec Assemble
Mobile Apr 28, 2019

Who's collecting analytics data from mobile apps?
iOS Apr 1, 2019

Announcing my very own course: "Reverse Engineer iOS Applications" 📱
Jan 30, 2019

How Facebook-Research app works
iOS Dec 20, 2018

Tips for Mobile Bug Bounty Hunting
Nov 17, 2018

Fix SSL Kill Switch2 not showing on Settings
Nov 16, 2018

Racism and sexism are never funny
iOS Sep 13, 2018

What do Pointer Authentication Codes mean for iOS jailbreaking?
iOS Aug 23, 2018

Reverse Engineering iOS Apps - iOS 11 Edition (Part 2)
Development Mar 11, 2018

Formatting phone numbers in Swift
Mar 10, 2018

Saving your Github SSH Keys in a USB Drive
iOS Feb 28, 2018

Reverse Engineering iOS Apps - iOS 11 Edition (Part 1)
iOS Feb 26, 2018

Proxy iOS 11 applications’ traffic
Android Feb 24, 2018

Installing self-signed certificates on Android
iOS Jan 13, 2018

Fix Cydia Impactor crypto-osx.cpp:97 error
Jailbreaking Jan 4, 2018

Installing Dropbear SSH on iOS 10.3.3
CTF Nov 5, 2017

Reversing one thousand binaries
Cryptography Jun 26, 2016

The most innovative “thing” I’ve done (so far)

Ivan's Blog

Dissecting the Malware Injected Into My Own Ghost Blog

Why embedding secrets in mobile apps is not a good idea

About Canada's COVID Alert application

OPSEC tips for the general public

Is the Guatemalan government asking citizens for their location to show them ads?

Advice for Targets of Mobile Spyware

Introducing security.plist

What checkm8 means for stalkerware on iOS

Decrypting iOS applications - iOS 12 Edition

Analyzing iOS Stalkerware Applications

Investigating some subscription scam iOS apps

Created an "age" mobile client

Mobile App Sec Assemble

Who's collecting analytics data from mobile apps?

Announcing my very own course: "Reverse Engineer iOS Applications" 📱

How Facebook-Research app works

Tips for Mobile Bug Bounty Hunting

Fix SSL Kill Switch2 not showing on Settings

Racism and sexism are never funny

What do Pointer Authentication Codes mean for iOS jailbreaking?

Reverse Engineering iOS Apps - iOS 11 Edition (Part 2)

Formatting phone numbers in Swift

Saving your Github SSH Keys in a USB Drive

Reverse Engineering iOS Apps - iOS 11 Edition (Part 1)

Proxy iOS 11 applications’ traffic

Installing self-signed certificates on Android

Fix Cydia Impactor crypto-osx.cpp:97 error

Installing Dropbear SSH on iOS 10.3.3

Reversing one thousand binaries

The most innovative “thing” I’ve done (so far)